fail2ban/config/filter.d/apache-botsearch.conf

# Fail2Ban filter to block web requests for stuff that doesn't exist
#
# This is normally a predefined list of exploitable or valuable web services
# that are hidden or aren't actually installed.
#

[INCLUDES]

# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): <webroot><block>(, referer: \S+)?\s*$

ignoreregex = 


[Init]

# Webroot represents the webroot on which all other files are based
webroot = /var/www/
# Block is the actual non-found directories to block
block = (<webmail>|<phpmyadmin>|<wordpress>)[^,]*

# These are just convient definitions that assist the blocking of stuff that 
# isn't installed
webmail = roundcube|mail|horde|webmail

phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)

wordpress = wp-(login|signup)\.php


# DEV Notes:
#
# Author: Daniel Black
ENH: add apache-botsearch. Closes gh-544 11 years ago			`# Fail2Ban filter to block web requests for stuff that doesn't exist`
			`#`
			`# This is normally a predefined list of exploitable or valuable web services`
			`# that are hidden or aren't actually installed.`
			`#`

			`[INCLUDES]`

			`# overwrite with apache-common.local if _apache_error_client is incorrect.`
			`before = apache-common.conf`

			`[Definition]`

			`failregex = ^%(_apache_error_client)s ((AH001(28\|30): )?File does not exist\|(AH01264: )?script not found or unable to stat): <webroot><block>(, referer: \S+)?\s*$`

			`ignoreregex =`


			`[Init]`

			`# Webroot represents the webroot on which all other files are based`
			`webroot = /var/www/`
			`# Block is the actual non-found directories to block`
ENH: additional phpmyadmin tips from Tom on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal. Block is now a prefix of a path 11 years ago			`block = (<webmail>\|<phpmyadmin>\|<wordpress>)[^,]*`
ENH: add apache-botsearch. Closes gh-544 11 years ago
			`# These are just convient definitions that assist the blocking of stuff that`
			`# isn't installed`
			`webmail = roundcube\|mail\|horde\|webmail`

ENH: additional phpmyadmin tips from Tom on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal. Block is now a prefix of a path 11 years ago			`phpmyadmin = (typo3/\|xampp/\|admin/\|)(pma\|(php)?[Mm]y[Aa]dmin)`
ENH: add apache-botsearch. Closes gh-544 11 years ago
			`wordpress = wp-(login\|signup)\.php`


			`# DEV Notes:`
			`#`
			`# Author: Daniel Black`